+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Misc (https://hashcat.net/forum/forum-15.html)
+--- Forum: General Talk (https://hashcat.net/forum/forum-33.html)
+--- Thread: Found passwords post-processing (/thread-5490.html)
Found passwords post-processing - vladimir125 - 06-02-2016
Hello everyone,
with all those recent leaks I was wondering if there is an efficient way to post-process passwords. For example we all know that the following strings come from the same word:
Code:
Pa$$word
password123
123password123
Password!!Which steps we can use to reduce the previous passwords to the good old password? I was thinking about stripping leading/trailing digits and special chars, then lowercase it and replace any leet speech.
Do you have any improvement to suggest?
Do you think that it could be an useful post-processing?
Some time ago atom said he was writing an article about this topic, but I never had the chance to read it.
RE: Found passwords post-processing - rurapenthe - 06-02-2016
Hi vladimir125,
I gave a talk at the Passwords 16 conference in Cambridge regarding generating efficient wordlists. Once of the items was a tool I wrote called RuraSort which can do what you want.
You can find it here : https://github.com/rurapenthe/rurasort
Additionally, there are very good tools from Hashcat:
https://hashcat.net/wiki/doku.php?id=hashcat_utils
Another one from Hashkiller/blandy:
http://home.btconnect.com/md5decrypter/App.RegEx.zip
I would also recommend you read this forum post too:
https://hashcat.net/forum/thread-655-page-2.html
-R
(06-02-2016, 04:58 PM)vladimir125 Wrote: Hello everyone,
with all those recent leaks I was wondering if there is an efficient way to post-process passwords. For example we all know that the following strings come from the same word:
Code:Pa$$word
password123
123password123
Password!!
Which steps we can use to reduce the previous passwords to the good old password? I was thinking about stripping leading/trailing digits and special chars, then lowercase it and replace any leet speech.
Do you have any improvement to suggest?
Do you think that it could be an useful post-processing?
Some time ago atom said he was writing an article about this topic, but I never had the chance to read it.
RE: Found passwords post-processing - vladimir125 - 06-03-2016
Thank you very much for those links!